The 2020 Black Friday scrum will be online—and some of it automated

online Christmas shopping

Andy Still, CTO at Netacea, looks at the issues online retailers may face this Black Friday.

2020’s Black Friday events are, like everything else in 2020, going to be different. Social distancing means that the usual viral media videos of unpleasant scrums as people fight for bargains won’t be available. We’re in for a more genteel start of the holiday season than in recent years.

But the bargain hunters will still be around. In fact, with straitened financial circumstances common, and retailers looking to make up for the rest of the year, we can expect the same scrum happening. Just not instore, but online.

Whether retailers launch their big push on Black Friday, Cyber Monday, or another day entirely, they will need to ensure that they stay online and available to make the most out of those visiting their sites—downtime will be a disaster. But it’s not just the traffic from real people they will need to look out for, but automated bot traffic too.

In 2019, 38.6% of Black Friday traffic to retail sites consisted of bad bots. More than a third of visitors are not only not looking to buy anything, but they are looking to commit fraud and subvert businesses in other ways.

How bots will take advantage of Black Friday


Retailers will likely be familiar with the methods used by automated bots to take over their customers’ accounts and commit fraud using stolen credit card details. But on busy days like Black Friday, there are other attacks that become more profitable than at other times.


Scraping

Scraping of prices by competitors, comparison websites and bad actors is common at any time, but on Black Friday what was a daily occurrence can happen multiple times an hour. What was once an annoyance but acceptable can quickly become a load capable of taking a site offline.


Inventory hoarding

When someone clicks on an item it ends up in their basket, ready for checkout and unavailable to anyone else. This is sensible as it means that no one can buy the same item twice. Unfortunately, it also means that any items in baskets can’t be bought. If this is done en masse by an army of bots, either by competitors looking to steal sales or just by mischief makers, then this can kill sales.


Brute force attacks

What better day to hide your attack on a site than on the busiest day of the year? Just like pickpockets and other criminals who will use the crowd to hide their activities, many bot users will wait until sites are extremely busy to launch their account takeover or similar method of brute force attack.

If sites are going to be busier this year than any previous year, then we can guarantee bot creators and users will be just as busy, looking to take advantage of the best time to hide their activities.

The need for speed


Black Friday has been notorious in the past for online retailers suffering issues. H&M was a victim of its own success last year, and NatWest had problems completing transactions, leaving both retailers and consumers frustrated. But it’s not all about uptime—speed is important too, and too many bots can mean a sluggish experience that can kill sales. Costco experienced this last year with so many advance orders leading to problems, and a banner had to be added on its website homepage informing customers that the website was “experiencing slow response times.”

Retailers may test their infrastructure for capacity and buy in extra capacity to deal with the problem, but many will only reckon with the real customers they expect, and not the bots that descend upon them. Bots can be more unpredictable, as only a few attackers can create a lot of traffic. If a site is inundated with bots, it can mean real customers end up with slow loading sites, errors, and an overall frustrating experience. And they won’t just look elsewhere on Black Friday. They’ll look elsewhere whenever they shop online.

The annual retail scrum that accompanies Black Friday may not happen this year, but a far less welcome influx will happen on websites unless retailers take steps to make sure bad bots don’t wreak havoc.


Andy Still

Andy is a pioneer of digital performance for online systems. As Chief Technology Officer, he leads the technical direction for Netacea’s products, as well as providing consultancy and thought leadership to clients. Andy has authored several books on computing and web performance, application development and non-human web traffic.

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...